Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

3660 - Plan For Impact of Exchange On AD Directory Services

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

Design and Manage an

Exchange Infrastructure:
Plan for Impact of Exchange on AD
Directory Services


Plan for impact of Exchange on AD
directory services
This objective may include but is not
limited to:
Evaluate impact of schema changes required for
Exchange
Prepare domains for Exchange
Plan around Active Directory site topology
Plan the number of domain controllers
Plan placement of Global Catalog (GC)
Determine DNS changes required for Exchange
Company: Paraiso Brokerage
Firm handling private investment banking with
locations in Sao Paulo and Rio de Janeiro Brazil

Problem:
They are looking to acquire a new firm that
has AD but no existing Exchange environment
and they need to know what the impact will be
and what the AD configuration will involve

Goal:
Assess the existing infrastructure and design
the AD elements prior to deployment
Scenario: Brazillian Brokerage
Exchange stores all of its configuration and recipient
information in Active Directory

Queries are constantly made back to AD when an Exchange
server needs configuration or recipient information so you
can see how essential it is for AD to be available

Exchange is an AD site-aware application and prefers to
communicate with AD servers in the same site
Upon start, Exchange binds to a random DC and GC in its own site
You can use the Get-ExchangeServer cmdlet to discover which DC
and GC and use the Set-ExchangeServer cmdlet to configure a static
list it should bind to
Exchange 2013 and Active Directory
There are schema configuration changes with Exchange 2013 (as
with every release of Exchange since 2000)

To prepare AD you first need to prepare the Schema (which can
be done when installed your first Exchange server in your
environment or through PowerShell prior to the installation)

setup /PrepareSchema (or setup /ps)
/IAcceptExchangeServerLicenseTerms
Optional: /DomainController

You must be a member of the Schema Admins and Enterprise
Admins group to run the command and it has to be run in the
same domain and site as the AD schema master
Active Directory Schema Changes
You should talk to your AD management team before
implementing a schema update (if one exists)

You should also test the update in a lab first

Backup your AD before you apply the schema updates

You can test for schema extension conflicts by using the
ADSchemaExtensionConflictAnalyzer.ps1


Impact of Schema Changes
You can skip the Schema prep and jump right to
/PrepareAD if your policy allows for it

/PrepareAD (/p) will create the Exchange container (if one
doesnt exist) and will configure all the organization
information within including role groups

Exp:
Setup /PrepareAD /OrganizationName <name>
Active Directory: /PrepareAD
To prepare local domains you can run the /PrepareDomain
(/pd) or to prepare all domains you can run
/PrepareAllDomans (/pad)

Creates the Microsoft Exchange System Objects in the root
domain partition

To run /PrepareDomain you must be a Domain Admins
group in the domain

To run /PrepareAllDomains you must be a member of the
Enterprise Admins group
Active Directory: /PrepareDomain
Global Catalog Servers: You must have at least one GC
server (for high availability you should have two)

Domain Controllers: You must have at least one writeable DC
server (for high availability you should have two)

Forest Functionality: Server 2003 or higher

DNS Support: Contiguous, Noncontiguous, Single Label and
Disjointed

IPv6: IPv6 is fully supported (but IPv4 must remain installed,
although you can disable it)
Active Directory Infrastructure
Design and Deployment Strategy
2 Domain Controllers:

DC, GC and AD Integrated
DNS Services
Two Edge Transport Servers Internet
BEx01
BEx02
BEx03
DAG
Witness
JBOD Array
Hardware LB
Split DNS allows you to configure different IP addresses for
the same host name (aka split horizon or split brain DNS)

Using split DNS can help you reduce the number of host
names you have to manage and reduces the number of
SAN names required for your SSL certificates
Example: End users uses owa.company.com both internally and
externally

Note: Microsoft recommends split DNS but it isnt
mandatory
DNS Suggestions
They have a clearer understanding of AD design
and deployment concerns

They dont see the need to break things down and
will use the two commands:
/PrepareAD and /PrepareAllDomains

They will also ensure they have at least 2 GCs in
each site (they currently have multiple DCs but
arent sure if they have multiple GCs)
Scenario: Paraiso Brokerage
Additional Research
Exchange 2013 Active Directory Schema Changes
http://technet.microsoft.com/en-us/library/bb738144(v=exchg.150).aspx

Testing for Active Directory Schema Extension Conflicts
http://technet.microsoft.com/en-us/library/testing-for-active-directory-
schema-extension-conflicts(WS.10).aspx

Deploying Exchange 2013 (petenetlive.com)
http://www.petenetlive.com/KB/Article/0000730.htm#EX10

You might also like